INFA 610 Midterm
(b). To impose some form of separation between users and separation between objects.
(c). Access control
(a), (c) & (d)
True
False
(a). person or program, files or device
True
(a). Mandatory, control, and access
True
(a). Confidentiality and integrity
Step 1: Inform credit bureaus and formulate alerts for fraud
Step 2: Keep a check on your credit reports
Step 3: Freeze your security reports
(a), (c) & (d)
(c)
(a). Only processes of one sensitivity level are run at one time. Temporal Separation
(b). Confidential work is run on machines that are not shared. Physical separation
Temporal separation:
1. It is expensive
2. Different requirements need to be catered to for providing different security
Physical separation:
1. Different systems need to be maintained
2. Applying security on all machines is difficult
16. 2004
17.
Yes/No
18. Optimistic locking, programmability, transaction control
19. 1. Provide trustworthy authentication processes. Failure: authentication process is not trustworthy
2. Follow system of least privilege. Failure: Granting privileges with generosity
3. Fail securely. Failure: system is not designed to fail securely
20. 1. Provision of an overview of system security requirements is necessary to ensure the efficiency of the plan.
2. The controls designed for meeting necessities should be considered to ensure all points are considered.
3. Responsibilities should be outlined for everyone accessing the system to ensure liability.
21. This principle states that computer items need to be protected till they lose their value. I agree with it, but it is difficult to incorporate if the items are too old and it is not possible to protect them, or the cost of protection is more.
22.
OS: software
Application: instrumentation routines
Single user: the program developer
23. Short timeliness: Data that changes rapidly, such as daily reports
Long timeliness: Data that takes more time such as development of application
24. a. Do you agree with the above statement? Answer: Yes
b. Is every fault a vulnerability? Answer: No
c. Is every vulnerability a fault? Answer: Yes
25. There is a restriction of easy security assets, meaning that the subject can get access if the subject's clearance level is dominated by object's classification level. There is also a restriction that the subject can be given write access to an object only if subject's access set's security level is governed by the classification level of object.
26. The Unix operating system uses Discretionary Access Control (DAC) because it means that subjects can grant other subjects access to their files.
27.
Airline: ticketing system, airplane software, booking management
Bank: credit records, bank account records, money management
Oil drilling: reserve management, R&D, machinery management
Political campaign: goal setting, human resource, campaigns
28. First the computer or workstation would be isolated and then disconnected from the internet. Only backups can ensure a clean version of the system, as the system is vulnerable to security threats. Special imaging tools need to be used for making copies of files on the hard drive. Then the backups can be used to get a clean version of the system.
Essay Question: Security Plan
Policy
This hypothetical security plan is established for ABC computers. The hardware, software and network accounts along with storage media, operating systems are the ABC computer's ...